Bezpecnost NFS

Petr Snajdr snajdr na pvt.net
Úterý Červenec 22 16:29:45 CEST 1997 

BTW: na teto adrese je Transparent Cryptographics System:

https://edu-gw.dia.unisa.it/

Uz asi 14 dni se tam snazim dostat, ale podarilo se mi to az dnes.
je tam dost strasne spojeni.

Question 1.1. What is TCFS? 
 TCFS is a Transparent Cryptographic File System that is a suitable  
 solution to the problem
 of privacy for distributed file system. By a deeper integration
between  the encryption  service and the file system, it results in a
complete 
 trasparency of use to the user applications. Files are stored in 
 encrypted form and are decrypted before they are read.
 The encryption/decryption process takes place on the client machine and 
 thus the ncryption/decryption key never travels on the network. 

Question 1.2. How does TCFS works? 
     TCFS operates like NFS (Network File System). We added a new flag X 
     to make the file
     secure (encrypted). A TCFS filesystem can be accessed by 
     applications using the same
     system calls as NFS (open,read,write,...) whence the name 
     transparent. Blocks of data are
     correctly decrypted only if the right key is available to the 
     kernel. 

Question 1.3 On which platforms does it run? 
     Currently, TCFS works only on Linux Boxes (Kernel version 2.0.x). 
     We are working to port TCFS under Digital Unix (tm) and BSD (tm). 

[...]

Question 1.7. Is TCFS suitable for encrypting file systems on
non-networked machines -  ie, just a stand-alone system? 
     Sure, TCFS is a kernel modules and operates like NFS, so you can 
     use it on a standalone machine like you could do with NFS. One 
     needs only to compile the kernel with TCFS file
     system support, to export a directory on the client to itself and 
     run NFSD and XATTRD (a
     special daemon required for TCFS). 

[...]

Question 1.13. Is TCFS commercial? 
     Currently TCFS is released under the Gnu's Public License which 
     means that you may
     copy, modify, distribute TCFS for free. For more details, read the 
     file COPYING in the
     sorce directory of TCFS.
     TCFS will be commercial no sooner than release n-th.0.0 :). To give 
     you an idea, the
     current release is 2.0.1 and we areplanning to release TCFS 2.1.0 
    (within the end on 1997). 


[...]

Question 2.1. How are files encrypted? 
     TCFS uses a CBC-DES engine to encrypt. We chose DES because it is 
     fast, well studied,
     and standard. [See Q1.9 'Is TCFS as secure as CFS?']
     Since TCFS 2.0.1 release, IDEA and RC5 cryptographic engines were 
     added in the
     package; now you can choice, at compilation time, which engine to 
     use to cypher yuor
     datas.
     We are planing TCFS to be able to use different engines at run 
     time. 

Vice na: https://edu-gw.dia.unisa.it/tcfs-faq.html
( pokud se tam dostanete :-(((


S pozdravem
  Petr Snajdr

Další informace o konferenci Linux